Commit graph

237 commits

Author SHA1 Message Date
Dane Everitt
fc2ce11a39
Add template, add files when new service is added. 2016-11-18 18:22:26 -05:00
Dane Everitt
5600f3201c
Add support for deleting service packs. 2016-11-18 17:31:57 -05:00
Dane Everitt
d4729427aa
Support for uploading templates for installing packs 2016-11-16 17:22:22 -05:00
Dane Everitt
e09659a88f
support for pack editing 2016-11-16 16:09:28 -05:00
Dane Everitt
09c2dcc1b6
Support for viewing and exporting packs 2016-11-15 23:12:47 -05:00
Dane Everitt
a1bc6fa2d3
Push changes that support creations of service packs and basic listing 2016-11-15 20:20:32 -05:00
Dane Everitt
1f47eda3b3
Run 'pterodactyl:cleanservices' twice a day to prevent a huge file buildup 2016-11-09 17:59:57 -05:00
Dane Everitt
cfd5e0e854
Implement base service file modification through panel 2016-11-09 17:58:14 -05:00
Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to login without using the correct email
address and password.

As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt
48994c1354
Fix the other user bug... 2016-11-04 21:50:47 -04:00
Dane Everitt
4359252545
Fix a @schrej bug 2016-11-04 21:46:16 -04:00
Dane Everitt
cd3f5ed6fe
Correct password setting for MySQL user 2016-11-04 20:47:40 -04:00
Dane Everitt
61e65294af
Fix bug preventing rendering of database hosts when not linked to a node. 2016-11-04 20:44:56 -04:00
Dane Everitt
a55220da39
Fix missing environment variables relating to queues 2016-10-30 18:34:50 -04:00
Jakob
e65dc5708d Validate password on reset according to rules (#158)
* move password rules to Models\User::PASSWORD_RULES

* validate new password according to rules on password reset

* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue.
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.

Force deleting a server will still work. If the daemon is in-accessible
the server will fail to be deleted. When server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or though the
daemon.

Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt
dbec99498d
run task manager tasks at lowest priority 2016-10-27 18:50:10 -04:00
Dane Everitt
bb96039bf1
use low priority queue for tasks 2016-10-27 16:35:50 -04:00
Dane Everitt
55c9f0f2f2
Delete databases when we delete a server. 2016-10-23 19:21:57 -04:00
Dane Everitt
08b236ac1d
better port checking, don't send rebuild unless things are changed. 2016-10-23 19:07:29 -04:00
Dane Everitt
0b044b3cc6
fixes bug that would allow deleting the default allocation for a server. 2016-10-23 18:59:13 -04:00
Dane Everitt
dda5d9aa01
Fix no error display if adding a server with an invalid email 2016-10-23 18:48:14 -04:00
Dane Everitt
ad906e0680
FQDN support for allocations, and JS bug fix. 2016-10-21 17:33:26 -04:00
Dane Everitt
176d92176e
Run tasks every minute as needed
Clear logs every month (configurable) for old tasks logs.
2016-10-21 16:36:40 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly. 2016-10-20 18:35:55 -04:00
Dane Everitt
0f4648b13a
Fixes adding api keys a little more 2016-10-20 18:29:34 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt
dfeed013ba
Server API obey's the subuser permissions as well 2016-10-20 17:04:58 -04:00
Dane Everitt
9fd8a087b8
Revert some changes that cause issues with other URLs 2016-10-20 16:48:37 -04:00
Dane Everitt
125856d92f
Support for server info and minor changes to API setup 2016-10-20 16:42:54 -04:00
Dane Everitt
5a03ce7e1a
Add support for controlling server power from API. 2016-10-20 13:39:39 -04:00
Dane Everitt
745c735b32
Add initial basic API changes
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt
126df09152
Fix route handling 2016-10-14 17:17:35 -04:00
Dane Everitt
7cf7a5a961
Split account things into own controllers. 2016-10-14 17:15:36 -04:00
Dane Everitt
073ef638b8
fix wording in notification event 2016-10-14 16:25:57 -04:00
Dane Everitt
63058d8c8e
Super early base implementation of notifications from daemon 2016-10-14 16:20:24 -04:00
Dane Everitt
c989dd0cc2
Send notification when server is created for user 2016-10-14 15:58:52 -04:00
Dane Everitt
a115c71433
Change SFTP username to be name_uuidShort 2016-10-14 15:34:01 -04:00
Dane Everitt
f65e41a1af
flags for setup scripts, closes #134 2016-10-12 19:02:18 -04:00
Dane Everitt
649b18c8d1
support for server filtering
closes #125
2016-10-12 17:12:27 -04:00
Dane Everitt
84a4c8b7f4
API enhancements, return node config, return 200 not 201 2016-10-12 15:42:23 -04:00
Dane Everitt
c8a73fa608
Log the error output for API 2016-10-07 16:10:54 -04:00
Dane Everitt
af68dbed8f
Add support for base API logging of all requests
ref #31
2016-10-07 16:06:09 -04:00
Dane Everitt
06422b2055
fix up API route return 2016-10-07 14:26:50 -04:00
Dane Everitt
9d55e93e9e
Fix auto-deploy not throwing proper exception 2016-10-07 14:26:37 -04:00
Dane Everitt
06756af994
add ?daemon=true option to API for servers 2016-10-06 23:56:32 -04:00
Dane Everitt
fbfaec6b20
create server with user ID or email 2016-10-06 22:43:50 -04:00
Dane Everitt
9d10c2a757
Support custom user id though API, closes #115 2016-10-06 22:36:59 -04:00